BlackBerry Z10 Privilege Escalation Vulnerability

BlackBerry Z10 users should be aware of a privilege escalation vulnerability, identified as BSRT-2013-006 (CVE-2013-3692). The vulnerability potentially allows a hacker to modify or edit data on a stolen BlackBerry Z10 smartphone with BlackBerry Protect enabled.

According to the advisory, an escalation of privilege vulnerability exists in the ‘BlackBerry® Protect™’ software on Z10 phones, which is meant to help users delete sensitive files on a lost or stolen smartphone, or recover the smartphone if it is lost.

“Taking advantage of the weak permissions could allow the malicious app to gain the device password if a remote password reset command had been issued through the BlackBerry Protect website, intercept and prevent the smartphone from acting on BlackBerry Protect commands, such as a remote smartphone wipe.”

The company says that version 10.0.9.2743 is not affected and that they have found no evidence of attackers exploiting this vulnerability in the wild. Furthermore, the more severe exploitation requires that an attacker has physical access to the device after its user has downloaded a maliciously crafted application.

The second advisory, identified as CVE-2013-0630, concerns Adobe Flash Player: versions earlier than 10.0.10.648 included with the Z10 are affected, while versions 2.1.0.1526 on the PlayBook are impacted.

Exploitation requires the user to interact with a malicious .swf application, either embedded in website content or delivered as an email attachment over webmail, through a browser on one of the devices.

To avoid this vulnerability, you should update to the latest BlackBerry 10 OS version.

I have been a Windows ROM developer (ROMs made include Special K and Doug E Fresh Rom). I have ported apps for Windows Phone like Opera Mobile, and HTC Sense for Windows Phone. I no longer do that stuff.
I now focus on analyzing malware and I own my own business fixing computers as well as installing secured networks.
In my spare time I have my own mini network at my house to see the impact, as well as to analyze the damaging power the malware causes, by using malware samples given to me.
Thanks to MobilityDigest.com, I have been given the great pleasure of writing about malware and the impact on mobile devices.